A New Web API Aims to Kill Passwords. Will This Affect Apple?

The FIDO Alliance and W3C are launching a web API that would make it easier for people to manage online accounts without passwords. It would use a unique encryption credential in almost any online service in a browser. Will this affect Apple?

Touch ID and Face ID

If you have an iPhone 5s or later, and/or a Touch Bar Mac, which has a Touch ID sensor, Apple already gives customers the ability to log into websites with a fingerprint. And the iPhone X gives you Face ID. However, that still requires a password.

Touch ID and Face ID don’t replace passwords; instead they add a layer of security on top of passwords. It’s an authentication method, but you can’t create an online account and use your fingerprint instead of a password.

New Web API

The new web API—called WebAuthn—lets existing security measures like fingerprint sensors, camera, and USB keys to be used for authentication with websites. You can use these in place of or in addition to a password.

Right now, Mozilla’s Firefox browser already supports WebAuthn, with Google Chrome and Microsoft Edge support coming in the “next few months.” Opera has also said it would add the API to its browser. There’s no word yet on whether Apple will include support for WebAuthn in Safari. Safari is the only browser that can make use of Touch ID, and right now the new web API remains a recommendation, not a rule.

Motherboardreports though that “the team behind Webkit, which is the browser engine used by Safari, Mail, and the App Store, recently joined a related working group, ‘which bodes well for seeing this capability coming to Safari in the future.’”